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This paper is a compendium of results based on a simple observation: two 
information symbols can be appended to certain nonbinary BCH codes 
without affecting the guaranteed minimum distance of these codes. We give 
two formulations which achieve this result; the second yields information 
regarding the weights of coset leaders for the original BCH codes. 

Single-error-correcting Reed-Solomon codes with the added information 
symbols yield perfect codes for the Hamming metric. We use these lengthened 
Reed-Solomon codes as building blocks for perfect single-enor-correcting 
codes in another metric. 

I. INTRODUCTION 

This paper is a compendium of results based upon a simple observa- 
tion: two information symbols can be appended to the code words of 
certain BCH codes without weakening the error correction capability 
of these codes. 

We define a class of BCH codes called "maximally redundant codes" 
in Section II; for codes in this class a simple method is given for ap- 
pending two columns to the check matrix which does not increase the 
number of check symbols for the code nor decrease the error correction 
capability of these codes. Section III gives the parameters for length- 
ened Reed-Solomon codes and shows that such codes are perfect for 
single error correction. Section IV discusses a general decoding algo- 
rithm for the lengthened codes and shows that these codes are in- 
variant under certain permutation operations. 

Section V discusses a method for constructing the lengthened codes 
from cosets of the original code. We use this approach in Section VI 
to determine the lower bounds on the number of high weight cosets 
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for the original BCH codes. Section VII defines a new metric and gives 
a procedure for constructing some perfect codes in this metric. These 
codes are based upon the lengthened Reed-Solomon codes. The ap- 
pendix shows that a necessary and sufficient condition for the non- 
zero elements of GF(p) to be partitioned into mutually exclusive and 
exhaustive four element subsets of the form 

{x,i3x,-x,-(3x}, 0,xtGF(p) 
is that there exists an integer t such that 

/3 2 ' = -l(modp). 

II. BCH CODES 

BCH codes are random-error-correcting codes for symbols from GF(q) 
where q is a prime (in which case q is replaced by p) or a power of a 
prime. 1-3 Let a be an element of GF(q m ) and let the order of a be n. 
That is, a = 1 and a 9* 1 for i < n. The check matrix of a BCH code 
with designed distance d can then be given as 



H = 



1 



1 



(a „ 0+ l )s 



/ m \n-l 

(a ) 

/ m„ + l\n- 

(a ) 



(«' 



V 



(a" 



■y 



The code words are all n-vectors, C, with entries from GF{q) which 
satisfy the equation 

HC - O. 

(Unless stated to the contrary, all vectors arc column vectors.) 

The proof that such codes have minimum distance at least d follows 
from demonstrating that all sets of d — 1 or fewer columns of H are lin- 
early independent over GF{q). Actually, the proof shows more than this: 
it shows that all sets of d — 1 or fewer columns of H are linearly indepen- 
dent over any extension field of GF(q). To establish this linear inde- 
pendence let us consider the columns j, , j 2 , • • • ,ja-i and the determinant 
of the corresponding (d — 1) by (d — 1) array of symbols from GF(q n ). 
Then, 

{a"") 1 ' (a-)'' ••• (a-)"- 



det 



(a 



(a 



(a ) 



y« ( a m ° +d -y 



(a ) 



(«" 
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m. (ii + ii+ ••• + **-«) 



"det 



(o*o M (« f, r 



(a ) 



The latter determinant is a Vander Monde determinant and is known 
to be nonzero if a u ?* a ik for i ^ h. Since the elements of the matrices 
in question are elements from GF(q m ), the nonvanishing of the determ- 
inant ensures that any set of d - 1 columns of the check matrix are 
linearly independent over GF{q m ). The special case of m = 1 defines a 
subset of BCH codes called Reed-Solomon codes.* 

The number of check symbols in the code is upper bounded by 
m (d _ i) si lice these are the number of rows in the check matrix after 
each symbol from GF(q m ) is replaced by an m-vector with elements 
from GF(q). The reason that m(d - 1) is merely an upper bound is that 
the number of check symbols is equal to the number of linearly inde- 
pendent rows in the check matrix [when expressed in terms of elements 
from GF{q)}\ in general this number can be less than m(d - 1). In this 
paper, codes for which the number of check symbols is equal to m(d — 1) 
are called "maximally redundant" BCH codes. Binary codes (codes 
for which 5 = 2) are examples of nonmaximally redundant codes while 
Reed-Solomon codes (codes for which m = 1) are examples of maximally 
redundant codes. 

Let us now consider appending two columns to the check matrix, 
H, to form the new check matrix, H', 



H' = 



It is now easy to see that any (d - 1) columns of H' are linearly inde- 
pendent over GF(q m ). [Determinants formed from (d — 1) columns, 
excluding the first two columns, are (d - 1) by (d - 1) Vander Monde. 
Determinants formed from (d - 1) columns, including one of the first 
two columns, are (d — 2) by (d - 2) Vander Monde after expansion 
about the column in question. Determinants formed from (d — 1) 



l"l 













H 





n 




_0 


i 
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columns, including both the first and second column of H', are (d — 3) 
by (d — 3) Vander Monde after expansion.] 

The number of symbols per block in the lengthened code is thus two 
more than the corresponding number for the BCH code. The number of 
check symbols may or may not be increased in accordance with 
whether or not the number of linearly independent rows remains the 
same after the addition of these two columns. One class of BCH 
codes for which the number of check symbols does not increase is 
the maximally redundant codes. This class includes all Reed-Solomon 
codes as well as other codes. 

It is possible that in some cases more than two columns can be ap- 
pended to the parity check matrix while preserving the designed dis- 
tance of the code. No general results have been found, however, for 
such cases.* For example, if a column is appended which contains a 
single 1 in the (I + l)th position of the column vector, the resultant 
determinant after expansion and factoring is of the form 

1 



D, = 



{a ) {a ) 

Such a determinant can be evaluated as 

d-2 



1 


1 


a'* 


a 1 ' 


(«'-)'- 1 


(a ) 


(«")' +1 


{a ) 



(a"-) ,+1 

(a"-) d " 2 



D, = ]I («" - «'*) t sum of a11 products of (d - 2 - I) distinct a"]. 

i>k 

The latter sum of products can be zero even if all the a' ' are distinct. 



III. LENGTHENED REED-SOLOMON CODES 

The Reed-Solomon codes codes with symbols from GF{q) are BCH 
codes formed by choosing the parameter m = 1. These codes have 
parameters 

block length n = q — 1, 

check symbols per block r = d — 1, 



* An exception is d = 4 and q even where three columns can be appended to 
the parity check matrix. The appended columns are then the 3 X 3 identity 
matrix. 
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and correct any pattern of [{d — l)/2] or fewer errors in a block of 
length n. Any t error-correcting linear code can have no fewer than 2t 
check symbols; this bound is achieved by the Reed-Solomon codes if 
d is an odd integer. This is not to say that the codes cannot be im- 
proved upon: in particular, the lengthened codes formed as described 
in Section II represent a minor improvement. 
The lengthened code has parameters: 

block length n' — q + 1, 

check symbols per block r' = (d — 1), 

and corrects any pattern of [(d — l)/2] or fewer errors in a block of 
length n' symbols. The lengthened codes are maximum distance 
separable (MDS) in that they have the maximum possible minimum 
distance for a given block length n', and code size q {n '~ T '\ These codes 
complement the set of maximum distance separable codes given by 
Singleton. 8 The weight distributions of the code words of maximum 
distance separable codes are given by Berlekamp. 6 The case of single 
error-correcting lengthened Reed-Solomon codes (that is, d = 3) are of 
particular interest in that they are perfect codes. That is, bounded 
distance decoding results in the use of every syndrome. Specifically, 
there are q 2 distinct syndromes. There are (q — 1) different errors which 
can occur in any of the (q + 1) different positions resulting in q 2 — 1 
different error patterns. The all zero error pattern (no errors) in addition 
to the (q — l)(q + 1) = q 2 — 1 single error patterns use all q 2 syndromes. 

IV. DECODING AND SYMMETRY OF LENGTHENED MAXIMALLY REDUNDANT 
BCH CODES* 

The columns of the parity check matrix are conveniently labeled: 

-< n' >- 

10 11 1 ••• 1 

1 a (a) 2 ••• (a) n ' _s 



H' = 



1 



(a 2 ) 2 



1 1 a"- 1 ( a d - 2 Y 
label co 1 a a 2 



t 2 \ n '- 



/ d-2\n'-H 

(a ) 



* This section is based on suggestions from E. R. Berlekamp of Bell Telephone 
Laboratories. 
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where o is a primitive element of GF(q m ) and m has been taken equal 
to zero. If the second column were omitted from this matrix, the re- 
sultant code would be an extension of a BCH code of designed distance 
d — \. That is, the resultant code is obtained by appending an overall 
parity check digit to a BCH code of designed distance d — 1. The code 
with the second digit omitted (block length n' — 1) is called a "singly- 
lengthened" BCH code. The code of block length n' (which includes all 
digits) is called a "doubly-lengthened" BCH code. 

For d odd, one decoding algorithm for the correction of [ {d — l)/2] 
or fewer errors for the doubly lengthened BCH codes is : 

(i) Ignore the last syndrome digit (the only equation involving the 
symbol in position labeled <») and decode as in Section 10.3 of Ref. 6 
for extended BCH codes. Let D be the number of errors indicated by 
the decoding algorithm. If D < (d — l)/2, decode all positions ex- 
cept the position labeled oo and then use the last parity check equation 
to decode the position labeled co. 

(ii) If D = (d — l)/2, assume that the digit in position oo is correct, 
modify the syndrome accordingly, and decode as in Ref. 6 using all 
digits in the modified syndrome. 

The lengthened primitive BCH codes have interesting symmetiy 
properties. Since the singly-lengthened primitive BCH code is an ex- 
tension of a primitive BCH code with designed distance one less, it is 
invariant under the affine permutation group on GF(q), as Theorem 
10.37 of Ref. 6 shows. 

One might hope that the doubly-lengthened BCH code would be 
invariant under the triply-transitive linear fractional group on 
GF(q) \J °° (page 358 of Ref. 6). This is not really the case since the 
code is not invariant under the simple permutation x — » 1/x. The 
doubly-lengthened BCH code is invariant, however, under the multiply 
and permute operation of order two specified: 

(i) Exchange digits at and oo. 

(ii) Multiply digit at a* by r i{dr ~ 2) and then move it to position a~ l . 

This operation transforms the H' matrix into the same matrix with the 
rows listed in reverse order. Since this operation preserves Hamming 
weights, it ensures considerable symmetry. 

V. ALTERNATIVE FORMULATION OF LENGTHENED MAXIMALLY REDUNDANT 
BCH CODES 

We will now describe an alternative formulation of lengthened maxi- 
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raally redundant BCH codes which is more complicated than that 
described in Section III. However, its real utility is that it gives in- 
sight to the problem of determining the weight distribution of coset 
leaders for the (unlengthened) BCH codes (a subject discussed in 
Section V). 

Consider an (unlengthened) maximally redundant BCH code [with 
symbols from GF (q) ] with check matrix 



H = 



1 



1 a 






(a ) 






(a ) - 



where a is an element of GF(q m ). Consider an n-vector X [with entries 
from QF(q)] such that 

0"! 




HX = 




where a x and <r 2 are elements from GF{q m ). We now prove the following 
inequalities regarding the weight of X, denoted W(X). 

Inequality 1: If <n = <r 9 = 0, W(X) ^ d for X * 0. 

Prooj: The vectors X which satisfy HX = O are the code words of the 
code with check matrix H and have minimum distance at least d. Thus 
the weight of any nonzero code word is greater than or equal to d. 

Inequality 2: If cr, = and o- 2 5^ or if <j x ^ and a 2 = 0, then 
W(X) fc d - 1. 

Proof: We first note that X^O since either o-j or «r 2 is nonzero. Next 
consider the case where (7,^0 and a 2 = and form a new check matrix 
H (0 obtained by deleting the first row of H. Now H (1) X = so that X 
is a code word corresponding to the check matrix H (1) . But any (d — 2) 
columns of H (1) form a (d — 2) by (d — 2) Vander Monde determinant 
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so that the weight of X is at least (d — 1). The proof for the case where 
o-, = and a 2 7* follows similarly by noticing that X is a code word in 
a code corresponding to a check matrix formed by deleting the last row 
of H. 

Inequality 3: If o x ^ and er 2 j* 0, then W(X) £ d — 2. 

Proof: Again X ?* since both <r 1 and a 2 are nonzero. Now consider a 
check matrix formed by deleting the first and last rows of H. Since X is 
in the null space of this new check matrix, every such nonzero vector 
must have weight at least (d — 2) . 



The lengthened code is now formed of (n + 2) -tuples of the form 



— <ti 

— <r 2 
X 



From before we see that all such nonzero vectors must have weight at 
least d. It is easy to verify that the set of code words from a linear code 
and indeed that such a linear code is the null space of the check matrix 



H' = 



l"l 





















H 


_0 


1 





VI. WEIGHTS OF COSETS OF MAXIMALLY REDUNDANT BCH CODES 

In this section we digress from the main theme of this paper to pre- 
sent some results on another problem: determining the weights of 
cosets (that is, coset leaders) for maximally redundant BCH codes. It 
should be emphasized that this problem differs from the widely re- 
searched problem of determining the weights of the code words them- 
selves. 

The complete weight enumeration of the cosets is known only for a 
very few classes of codes. 6 This knowledge is crucial to determining 
the performance of codes using a complete decoding algorithm (that is, 
maximum likelihood decoding). 

In this section we are not able to determine the complete weight 
enumeration for the codes under consideration. Rather we can only 
give lower bounds to the number of coset leaders whose weight exceeds 
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certain values. However, we believe that this knowledge is both new 
and useful. 

Specifically we are concerned with the weights of coset leaders of 
maximally redundant primitive BCH codes. Our main result is: 

[Number of coset leaders of weight ^ d — j] 



^ (q w ) i ~ 1 [(j+ 1)«" " i] - 1 for 



| J* 1 

[2j < d. 



This result shows that for a maximally redundant BCH code of 
minimum (designed) distance d, in addition to having as coset leaders 
all vectors of weight less than or equal to [(d — l)/2], coset leaders exist 
for all weights up to and including (d — 1). The actual minimum distance 
of the code, d ACT , may exceed the designed distance d. lf[(d ACT — l)/2] < 
d — 1, the codes cannot be perfect codes and if [(d ACT — l)/2] < d — 2, 
the codes cannot be quasiperfect. For Reed-Solomon codes d AC r = d 
and the codes are not perfect for any d and not quasiperfect for d > 3. 

Proof: Consider a coset leader X' corresponding to the syndrome, S, 
where 








HX' = S = 



d — 1 where <n t GF(q m ) i = 0, 1, 





L *i J 

Consider a new check matrix obtained by deleting the first i rows and 
the last (j — i) rows of H. X' must be a vector in the null space of this 
new check matrix and will be nonzero unless a x = <r 2 = • • • = <r, = 0. 
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Furthermore every such nonzero vector must have weight at least 
d — j since any set of d — 1 — j columns of this new check matrix forms 
a Vander Monde determinant. A counting problem remains: counting 
the number of distinct nonzero syndromes having a run of d — 1 — j 
consecutive zeros. For i = j, there are (q m ) ' — 1 such patterns corres- 
sponding to the q m different values for each o-,- (excluding a x = <t 2 = • • • 
= <7, = 0). For each i < j, there are (q m — l)(q m y~ l such patterns 
corresponding to the (q m — 1) distinct nonzero values for a i+1 and the q m 
distinct values for all other <r k , k j& % + 1. Counting in this fashion, if 
2; < d we include each such pattern once and only once resulting in a 
total of 

(q m y - 1 + Kq m - D(<r r 1 = (? m r'to' + D<f - j] - 1 

such patterns. 

The above proof not only yields a bound to the number of high 
weight coset leaders but also gives an easy way of recognizing their 
occurrence from their respective syndromes. Thus if one were to use 
bounded distance decoding (decoding only coset leaders of weight ^ 
[(d — l)/2]), many nondecodable cosets would be easily recognizable by 
the form of the syndrome. 

A tighter bound can sometimes be obtained by noticing that the 
parity check matrix 



H = 



a 

m + c 



a 
a' 



, + (d-2)< 



(a 



t m \2 

(a ) 
(a ) 

f m.+2o\2 

(a ) 

m + (d-2)a\2 



(a 



(a m r~ l 

/ m +2a\n-l 

(a ) 

m» + (d-2)<i\n-l 



r i _ 



yields a code with a minimum distance of at least d if a and n are rela- 
tively prime. Thus the zeros in the syndrome that signify a high weight 
coset need not occur as a single burst but rather can occur with a fixed 
periodicity. 

VII. SOME PERFECT SINGLE-ERROR-CORRECTING CODES FOR ANOTHER METRIC 

In this section we use the lengthened Reed-Solomon codes to construct 
codes for a new metric. In particular, we consider the case where q = p, 
a prime, and we are interested in codes that correct errors of the form 
±1, ±2, • • • , ±!F in a "single position" of a code word. In particular, 
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codes are given for T = 1 and T = 2. For T = 1, these codes are single- 
error-correcting Lee metric codes. 

The lengthened Reed-Solomon code used in the construction of these 
codes has a check matrix 



H' = 



4 n' = p + 1 

10 11 1 1 



1 1 a a 



p-2 



where a is a primitive element from GF(p). The null space of this matrix 
is a perfect single-error-correcting code for the Hamming metric. That is, 
it corrects any error [±1, ±2, • • ■ , ±(p — 1/2)] which occurs in any one 
position in a code word. 

Consider the case where it is required only to correct an error of the 
form ±1. Also consider the new check matrix 



_ fe^A, - 2l=J 



9 



H" = 



H' 2H' 3H' 



>]• 



To show that the null space of H" will correct any single error of the 
form ±1, we need only show that all columns of H" are distinct from each 
other after multiplication by ± 1 . This follows immediately from noticing 
that all pairs of columns of H' are linearly independent over GF(p). 

We prove the code is perfect by noting that 2n" + 1 = p 2 syndromes 
are needed to correct ail error in each of the n" positions (plus the all 
zero error pattern). But since H" has two rows, there are exactly p 2 
syndromes; every syndrome is used to correct the required error patterns. 

The above code has the same block length, number of check symbols, 
and error corrections capability as Berlekamp's perfect megacyclic single- 
error-correcting Lee metric codes. ' 

The form chosen for H' with the first row consisting of all ones and a 
single zero makes the decoding algorithm easy. Let 

S = [*;] where -&J=-!2 <f „ £ EJZ-! , = i, 2. 

The algorithm is as follows. 

(i) If <r, = 0, the error is in position 2 + (| a 2 \ - l)n' and has value 
sgn (eg). 

(it) If cr 2 = 0, the error is in position 1 + (| cr, | - l)n' and has 

value sgn (o-,). 
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(Hi) If til ?* and a 2 5^ 0, let x be the solution to the congruence 
via = <r 2 mod (p). The error is then in position (x 4- 3) 4- (kil — l) w ' 
and has value sgn (<ti). 

As an example, consider the code for p = 5 with a = 2, a primitive 
root. Then 



and 



H" = 



IF = 


|~1 





1 


1 


1 


1 






_0 


1 


1 


2 


4 


3j 




10 11 


1 


1 


2 





2 


2 2 2 


1 1 


2 


4 


3 





2 


2 


4 3 1 



Consider an error pattern resulting in the syndrome [ ij]. Solving 
for x [in accordance with (Hi) above] we have 

(-2)2* = 2 mod (5) 

2' = — 1 mod 5, 

which has the solution x = 2. Thus we have an error in position 

(x + 3) + (| ifj | - IK = (2 + 3) + (| -2 | - 1) 6 = 11 

having the value — 1. 

A more interesting case arises when one desires to correct a single 
error of magnitude +1, —1, +2, or —2. We give a construction pro- 
cedure which results in perfect codes for the case where the prime p is 
such that there exists a least positive integer t which satisfies the con- 
gruence 

2 2 ' = - 1 mod p. 

Form the multiplicative subgroup 

1 2 4 8 • • • 2 2 ' = -1 2 2t+1 = -2 • • • 2 4 '" 1 . 
Let Oo = 1, and consider the coset table: 

a 2a 4o 8a • • • 2 2( a = — a a 2"' + = — 2a • • • 

a, 2a! 4ai 8ai • • • —a, — 2ai 

a 2 2a 2 4a 2 8a 2 • • • — a 2 — 2a 2 • • ■ (2" 'Ja 2 



(2 4 '-')a 
(2 4 '->, 

41-1 



a t -i 2aj_i 4aj_i 8a*-i 
where 4tl = p — 1. 



— di-\ 



— 2a,i- x 



(2 4< - 1 )a I -i 
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Now again begin with the check matrix for the lengthened Reed- 
Solomon single error-correcting code 



H' = 



< n' - p + 1 > 

10 11 1 1 " 

1 1 a a ••• a"" 2 . 



and form the new check matrix 
H'" = [ooH' 2 2 a H' 2<a ( ,H' • • • 2 2(( - ,) a H' a x H' 2 2 fll H' • • • 
^'""a.H' ••• aj-xH' 2 2 a,_,H' ••• 2 2( '- 1, a,_,H']. 
The block length of this code, n'", is 

4 4 

In order for the code to correct all single errors of the form ±1, ±2> 
we would require 4ft'" + 1 = p 2 syndromes. Since the code has two 
check symbols, it has exactly p 2 syndromes available for error correction. 
Thus the code will be a perfect code if we can prove that its error correc- 
tion capability is as asserted. 

Proof: We must prove that any column of H'", when multiplied by 
+ 1, —1, +2, or —2, is distinct from any other column of H'" when 
multiplied by +1, — 1, +2, or —2. If the two columns in question come 
from two distinct columns of H', then this is certainly the case since the 
columns of H' are linearly independent over GF(p). Let the pair of 
columns in question be derived from the same column of H', say h. One 
such column is of the form 2 2( ' ,) a,,h and the other is of the form 2 2(,,) 
a,.h where (0 < h , l 2 ^ t - 1) and (0 ^ j, , j 2 g I - 1). Now let z be 
any member of one of the cosets. Then -z, +2z, and -2z are also 
members of that coset; so we need only consider the case j, = j 2 • But 

(1)(2 211 ) = 2 2 '' (1)(2 21 ') = 2 2Z> 

(2)(2 21 ') = 2 2 ' , + 1 (2X2"") = 2 2,,+1 

(-1)(2 2 ' 1 ) - 2 a(l,+ ° (~1)(2 2 '') = 2 tc,,+ ° 

(-2)(2 21 *) = 2 2( ' , + ,,+1 (-2)(2 2 '-) = 2 2( '' + n+1 , 

and no term in the left four equations can equal a term in the right four 

equations for U ?± k , ^ Z, , k ^ t - 1. Thus the assertion is proved. 

As an example, let p = 13 where 2 is a primitive element of order 
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U = 12. Thus t = 3 and 1 = 1. The matrix H' can be taken as 



H' = 

and H"' is 



10 1111 
112 4 8 



111 11111 
3 6 12 11 9 5 10 7 



H'" = [H' 4H' 3H']. 
As a second example let p = 17. The coset table is 

12 4 8 16 3-1 16 13 J 
3 6 12 7 14 11 5 10 



The check matrix H'" is 



H' 



72 



T 



[H' 4H' 3H' 12H'] 2 



i 



where H' is a two row by 18 column check matric formed in the manner 
described. Berlekamp has given a code for p = 17 with block length 
72 with Lee distance 5 that requires four check symbols. The above 
code requires only two check symbols but corrects only a small subset 
of the class of errors correctable by Berlekamp's code. Wyner has found 
several classes of codes which correct two errors per block, each error of 
the form =fcl. 8 One such class has a block length of p and requires three 
check symbols. 

In the proof we have given a decomposition of the integers 1, 2, • • • , 
p — 2, p — 1 = 4m into disjoint sets S X S 2 ■ ■ • S m each containing four 
elements, such that the elements of each set are of the form x, 2x, —x, 
and — 2x (mod p). A sufficient condition for this decomposition was 
that there exists a least positive integer t such that 2 2( = —1 (mod p). 
The appendix shows that this condition is necessary for this decom- 
position. 

In particular we consider the following question in the appendix: 
For which primes p and elements /3 from GF(p) is it possible to partition 
the nonzero field elements (1, 2, • • • , p — 1) into four element subsets, 
Si , such that S t = \x { ,0x { , — x t — /3rc,} (mod p), where each nonzero 
field element occurs in one and only one subset? We show that the 
answer is: Such a partition can be achieved if and only if there exists a 
least positive integer t such that /3 2t ss — 1 (mod p). Stein has considered 
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a more general version of this problem. The results in the appendix 
were proved independently of Stein. 
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APPENDIX 

On a Partitioning of the Nonzero Elements of GF{p) 

By R. L. Graham and J. K. Wolf 

A.i Introduction 

The problem we consider is: For which primes, p, and elements, /?, 
from GF{p) is it possible to partition the nonzero field elements of 
GF(p) into mutually exclusive and exhaustive four element subsets, 
Si, such that 

Si = [Xi , 0Xi , -xt , —fix { } } (mod p)1 
A necessary condition for the existence of such a partition is that 

,£ J modp; 

[ 

otherwise the subsets would not contain four distinct elements. 

We will show that a necessary and sufficient condition for this parti- 
tion is that there exists a t such that /3 2 ' = — 1 (mod p). Further we 
will show that for a prime of the form p = 8k + 5 such a partition 
always exists for /3 = 2. 

a. 2 Proof of Assertion 

First notice that a necessary condition for this partition to exist is 
that p = 4m + 1 for some m ^ 1, since p — 1 must be divisible by 
four. A second necessary condition is that 

1 

(mod p) . 

-1 

Let r be a primitive root of p so that r 2m = — 1 (mod p) . Define a 
as the smallest positive integer such that r a = /3 (mod p) . By assumption 
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/3 5^ — 1 (mod p), so that a ^ 2m. The subset S { must then consist of 
the four elements 

Si = {r"S 1 >"+ a s r v{ + 2,n i r v{ ** M *~} 

so that an equivalent problem is to decompose the additive group 
Z 9 -i ~ {0, 1, 2, • • • , p — 2 = 4m — 1} into mutually exclusive and 
exhaustive subsets of the form £{ = {?/,• , y t + <*, 2A + 2m, y,- + 2m + a) 
mod (4m)]. 

This problem can be viewed geometrically as that of covering the 
vertices of a regular 4m-gon placed on a circle by translates of the 
pattern {0, a, 2m, a + 2m}. This pattern is symmetric modulo 2m, so 
the problem reduces to covering the vertices of a regular 2m-gon 
placed on a circle by translates of the pattern {0, a). This pattern 
{0, a} can be viewed as a chord spanning a vertices. For example, for 
m = 6 and a = 5, this covering is shown in Fig. 1 while for m = 6 and 
a = 4, no such covering is possible. 




6 

Fig. 1 — A covering for m = 6 and « = 5. 

In terms of sets, the problem now is to decompose the additive group 
Z 2m into m mutually exclusive and exhaustive two-element subsets, 
S'/ , of the form S'/ = {y { ,y t + a\ (mod 2m). 

In the following, we denote by [2m, a] a covering of the 2m-gon by 
chords spanning a vertices. Letting 2m = 2 Y (2v -f- 1) we now prove 
the following theorem. 

Theorem 1 : A [2m, a] covering exists if and only if 2 y X a - We prove this 
theorem by first proving the following lemmas. 

Lemma 1: A [2m, a] covering exists if *(2m, a) — 1. 
* (x, y) = greatest common divisor of x and y. 
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Proof: Let S'/ = {2(i - l)a, (2i - l)a) (mod 2m), i = 1, 2, • • • , m. 
Then the subset >S" is of the proper form and it remains to show that 
each element of Z 2m appears in one and only one subset. Assume that 
an element of Z 2m appears in more than one subset. Then for ^ i ^ 
j £ 2m — 1, 

ia t* ja (mod 2m) 

or 

(;' — i)a j^ mod 2m. 

But by assumption (2m, a) = 1 so 2m and a have no common factors. 
Thus 2m | (;" — i) which is impossible since (;' — i) < 2m. We have 
then shown that no element of Z 2m appears in more than one subset. 
But there are 2m elements in the m subsets so that each element of Z 2m 
must appear once and only once in those subsets. 

The decomposition used in the proof of Lemma 1 can also be viewed 
as taking alternate edges of the regular star of step size a. For ex- 
ample, the covering in Fig. 1 can be viewed as taking alternate edges 
of a star of step size a. In Fig. 2, this star is shown for m = 6 and a = 
5 with the alternate edges as solid lines. 

Lemma 2: A [x, a] covering exists if and only if a [kx, ka] covering exists, 
where k ^ 1. 

Proof: If a [x, a] covering exists, a [kx, ka] covering can be obtained 
by simply interleaving the [x, a] covering k times. If a [kx, ka] cover- 
ing exists, the chords must span exactly ka vertices. Thus deleting all 




Fig. 2 — A star of step size 5 for m = 6. 
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vertices except those congruent to zero modulo k, we have a [x, a] 
covering. 

Lemma 8: A [x, a] covering does not exist for x odd. 

Proof: The covering problem is that of partitioning the integers 
{0, 1, . . . , x — 1} into two element subsets. For this to be possible two 
must divide x. 

Lemma 4: Let 2m = dM and a = dA, where (A, M) = 1. Then a 
[2m, a] covering exists if and only if M is even. 

Proof: From Lemma 2, a [2m, a] = [dM, dA] covering exists if and 
only if a [M, A] covering exists. But from Lemma 3, a [M, A] cover- 
ing will not exist if M is odd. If M is even, since (.A, M) = 1, Lemma 
1 insures the existence of a [M , A] covering. 

Proof of Theorem 1: Let 2m = 2 7 (2v + 1) = dM and a = dA where 
(A, M) = 1. If 2 7 | a, then 2 y \ d and M will be odd. By Lemma 4, a 
[2m, a] covering will not exist if M is odd. Conversely, assume that 
2 y Jf a. Then 2 | M and M is even and by Lemma 4, a [2m, a] covering 
exists. Q.E.D. 

Using Theorem 1 we now prove the main result, which is given as 
Theorem 2. 

Theorem 2: The nonzero elements of GF(p) can be partitioned into 
mutually exclusive and exhaustive 4 element subsets, Si , such that S ( = 
\Xi , fiXi , —x if —0Xi} (mod p) if and only if there exists a positive 
inter ger t such that /3 2 ' = —1 (mod p). 

Proof of Theorem 2: From Theorem 1, such a partition is possible 
if and only if 2 7 X «• Let us first assume the existence of a positive 
integer t such that /3 2 ' = —1 (mod p). But r a = /? (mod p) so that 
r" 2 ' = — 1 (mod p). Since r ! = —1 (mod p) implies 



o = '— - + Up - 1) - (21 + l)( 2 -2^) = (21 + l)(2m), 



V- 1 

2 



for some I, then a2t = (21 + l)(2m) = (21 + 1)(2« + 1)2 7 . Thus at = 
2 y ~\2l + l)(2u + 1) and 2 7 X <*. 

Next assume that 2 y X <*• There exists a y such that r av = /3" = 
— 1 (mod p) if and only if 



ay 



= ( E -2- i )(2ff + 1) - 2m(2q + 1) = 2 7 (2y + l)(2g + 1) 
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for some q. But 2 y X a, so y must have an even factor, that is 2 | y. 
Thus y can be written as y = 21 and /3 2 ' = —1 (mod p). Further notice 
that the condition 

[+1 

M (mod p) 
-1 

is subsumed by the condition /3 2 ' = — 1 (mod p). Q.E.D. 

A.3 A Special Set of Primes with the Desired Partition 

Each of the two theorems in Section A.2 give a necessary and suf- 
ficient condition for the desired partition. Either condition, however, 
requires some calculation to discover whether p admits such a parti- 
tion. The following discussion yields an easily recognizable class of 
primes, p, for which the partition will always be possible if fi = 2. 
The Legendre symbol (a/p) is defined as 

1 if x 2 = a has a solution in GF(p) (that is, a is a 
quadratic residue mod p) 
— 1 if x 2 = a does not have a solution in GF(p) (that is, 
a is a quadratic nonresidue mod p) 
if a = 0. 



(a/p) - 



Lemma 5: A sufficient condition for the partition to exist is ( p/p) 

Proof: By Euler's criterion 

a (p - I)/2 = (a/p) mod p. 

Since p — 1 = 4m, if (/3/p) = — 1 then /3 2m = — 1 mod p, and the 
partition is possible for that /3 and p. 

One can show (p. 172 of Ref. 6) that (2/p) = -1 if p = 8k + 5 for 
some k. Thus if fi = 2 and the prime p is of the form p = 8/c + 5 
such a partition can be achieved. 
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